(*
 * Copyright 2014, General Dynamics C4 Systems
 *
 * This software may be distributed and modified according to the terms of
 * the GNU General Public License version 2. Note that NO WARRANTY is provided.
 * See "LICENSE_GPLv2.txt" for details.
 *
 * @TAG(GD_GPL)
 *)

chapter "Proofs"

(*
 * List of rules to make various images.
 *
 * Some rules have duplicate targets of the form:
 *
 *    theories [condition = "MOO", quick_and_dirty]
 *       "foo"
 *    theories
 *       "foo"
 *
 * The idea is that if the environment variable "MOO" is defined we
 * execute the first rule (doing the proof in quick-and-dirty mode), and
 * then find we need not take any action for the second. Otherwise, we
 * skip the first rule and only perform the second.
 *)

(*
 * Refinement proof.
 *)

session Refine = BaseRefine +
  description {* Refinement between Haskell and Abstract spec. *}
  options [timeout=3600]
  theories
    "refine/Refine"
    "refine/Orphanage"

session BaseRefine = AInvs +
  description {* Background theory and libraries for refinement proof. *}
  options [timeout=600]
  theories
    "refine/Include"

session AInvs = ASpec +
  options [timeout=3600]
  theories
    "invariant-abstract/AInvs"
    "invariant-abstract/EmptyFail_AI"
    "invariant-abstract/KernelInit_AI"
    "invariant-abstract/DetSchedSchedule_AI"


(*
 * C Refinement proof.
 *)

session CRefineSyscall = CBaseRefine +
  theories
    "crefine/Syscall_C"

session CRefine = CBaseRefine +
  theories
    "crefine/Refine_C"

session CBaseRefine = CSpec +
  theories [condition = "SKIP_REFINE_PROOFS", quick_and_dirty, skip_proofs]
    "crefine/Include_C"
  theories
    "crefine/Include_C"


(*
 * CapDL Refinement
 *)

session DBaseRefine = Refine +
  theories
    "drefine/Include_D"

session DRefine = DBaseRefine +
  theories
    "drefine/Refine_D"

session DPolicy = DRefine +
  theories
    "access-control/Dpolicy"

(*
 * Infoflow and Access
 *)

session Access in "access-control" = AInvs +
  options [timeout=3600]
  theories
    "Syscall_AC"
    "ExampleSystem"

session InfoFlow in "infoflow" = Access +
  theories
    "Noninterference"
  theories
    "Noninterference_Base_Refinement"
    "PolicyExample"
    "PolicySystemSAC"
    "ExampleSystemPolicyFlows"
    "Example_Valid_State"

session InfoFlowC = CRefine +
  theories
    "infoflow/Noninterference_Refinement"
    "infoflow/Example_Valid_StateH"

(*
 * capDL
 *)

session SepDSpec = DSpec +
  theories
    "sep-capDL/Frame_SD"

session DSpecProofs in "capDL-api" = SepDSpec +
  theories
    "API_DP"

(*
 * Static Separation Kernel Bisimilarity
 *)

session Bisim in bisim = AInvs +
  theories
    "Syscall_S"
  files
    "document/root.tex"
    "document/build"
    "document/Makefile"

(*
 * Separation Logic
 *)

session SepTactics = Word +
  theories
    "../lib/Hoare_Sep_Tactics/Hoare_Sep_Tactics"

session SepTacticsExamples = SepTactics +
  theories [quick_and_dirty]
    "capDL-api/Sep_Tactic_Examples"


(*
 * Binary Verification Input Step
*)
session SimplExportAndRefine = CSpec +
  theories
    "asmrefine/SEL4SimplExport"
    "asmrefine/SEL4GraphRefine"

session SimplExportOnly = CSpec +
  theories
    "asmrefine/SEL4SimplExport"

(*
 * Libraries
 *)

session AutoLevity = AutoLevity_Base +
  theories
   "../lib/autolevity_buckets/AutoLevity_Top"

session AutoLevity_Base = Word + 
  theories
    "../lib/autolevity_buckets/AutoLevity_Base"

